Kali Linux MCP Server
A tool that allows penetration testing through Kali Linux commands executed via a Multi-Conversation Protocol server, supporting security testing operations like SQL injection and command execution.
README
目前只是个玩具,只支持执行可以返回的命令,如burp suite和metasploit等不能进行界面和命令交互,metasploit倒是可以叫ai agent直接执行不进入命令交互模式,有时间弄得的哥们可以拿去加强一下 😜
kalilinuxmcp
kali linux mcp,pentest,penetration test
更新:
20250401更新: 新增简单的交互式处理
如何安装:
1: 首先要用ssh-keygen -t rsa做一个私钥和公钥,替换公钥到Dockerfile的,替换私钥到"C:\Users[Username].ssh\kali000",这里自行去src\index.ts里搜索"kali000"替换路径
'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCsoJo7WJIHDQgmEdKwm6IqS61xaGWa/OVVMCrMwcVh13xvYbAD7wdMufzNhWRxSso3SKvTHbQjIszvYQgkVFjRPiJW5vGCU0847CX0zZytGLnKpKWDZ5ccShMPlIxVuy2+WUQlKNL7f+w59PMX+3BLcikhtwk0xwG7tpS4kAtXHlrwt1B1vFj3CoF8rBofGJAahOuPvruRh9i1i73i5JJHJFeDdJVfNnY5/8HnBvtWtJzbsbmlyaTODfrDCeYZ32zxDZdsPVEls3RDsfgUadyC71mpXloJ8JTiUU37H5DY+xtIuz3XICwA7DsVm9jiKaSR96DZyogYxx+UKdrDsIH4JQwBNs3RDCX+t7ivKj75KkhhrW2X2h90EOjwQPQOhuVU2FtMXbWlfbZL5UwXGgA7Efe3N0ZzrKac+RGM6vY/jsnESgZaTayF/N/BysMpjI18xy6Y12CyPXVYsvF3v04d2XR1Fs5rduERjpot7o9N+i5FcoTfUb5WP5nVU9X0b2s= hack004@DESKTOP-H4HRI73'
2:因为是国内环境,docker里我加了使用主机的socks5代理,自行搜索来替换"192.168.31.110",还有dns服务器也强制用dns2socks转到了本地127.0.0.1使用socks5代理,可自行去Dockerfile里替换或者去掉
3:原始使用的"booyaabes/kali-linux-full"镜像,但是里面软件版本有点老,自行选择是否要执行以下操作更新(主要需要更新很久!)
1:wget -q -O - https://archive.kali.org/archive-key.asc | gpg --import
2:curl -fsSL https://archive.kali.org/archive-key.asc | sudo gpg --dearmor -o /usr/share/keyrings/kali-archive-keyring.gpg
3:sudo apt update && sudo apt full-upgrade -y
4:(下载更新最新版kali linux的所有工具,注意很大很慢)sudo apt install kali-linux-everything -y
5:如果只需更新单独的软件,就无需执行4因为要很久,例如sudo apt install wpscan
6:我自己倒是完成了最新更新,但是容器太大了几十G就不传了,需要的自行操作就行了```
4:(编译MCP),先npm install后直接npm run build,得到build目录,核心是index.js
5:(编译Docker镜像),
1:编译镜像:"docker build -t kali-pentest-mcp ."
2:部署镜像:"docker run --name kali-container -d --privileged -p 2222:22 kali-pentest-mcp"
6:安装MCP:
"kali-pentest-mcp-server": {
"command": "node",
"args": ["D:/kalimcp/build/index.js"],
"env": {}
}
注意事项:
1: 每次重启docker后记得刷新MCP,因为可能SSH连接会断开
参考项目:
https://github.com/weidwonder/terminal-mcp-server
效果展示:
1:Lab: Blind SQL injection with out-of-band data exfiltration
2:command injection:
3:Lab: Web shell upload via Content-Type restriction bypass
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.